private FileEncryption GetFileEncryption()
{
if (!this.IsEncrypted)
{
return(null);
}
// We want to support downloading PlayReady encrypted content too.
if (this.EncryptionScheme != FileEncryption.SchemeName)
{
return(null);
}
IContentKey key = this.Asset.ContentKeys.Where(c => c.ContentKeyType == ContentKeyType.StorageEncryption).FirstOrDefault();
Guid keyId = EncryptionUtils.GetKeyIdAsGuid(key.Id);
return(new FileEncryption(key.GetClearKeyValue(), keyId));
}
/// <summary>
/// Decrypts the configuration string.
/// </summary>
/// <param name="cloudMediaContext">The cloud media context.</param>
/// <param name="encryptionKeyId">The encryption key id.</param>
/// <param name="initializationVector">The initialization vector.</param>
/// <param name="encryptedConfiguration">The encrypted configuration.</param>
/// <returns>The decrypted configuration.</returns>
internal static string DecryptConfigurationString(CloudMediaContext cloudMediaContext, string encryptionKeyId, string initializationVector, string encryptedConfiguration)
{
if (cloudMediaContext == null)
{
throw new ArgumentNullException("cloudMediaContext");
}
if (string.IsNullOrEmpty(encryptionKeyId))
{
throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, StringTable.ErrorArgCannotBeNullOrEmpty, "encryption key identifier"), "encryptionKeyId");
}
if (string.IsNullOrEmpty(initializationVector))
{
throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, StringTable.ErrorArgCannotBeNullOrEmpty, "initialization vector"), "initializationVector");
}
if (string.IsNullOrEmpty(encryptedConfiguration))
{
throw new ArgumentException(string.Format(CultureInfo.InvariantCulture, StringTable.ErrorArgCannotBeNullOrEmpty, "encrypted configuration"), "encryptedConfiguration");
}
string returnValue;
Guid keyId = EncryptionUtils.GetKeyIdAsGuid(encryptionKeyId);
byte[] iv = Convert.FromBase64String(initializationVector);
IContentKey configKey = cloudMediaContext.ContentKeys.Where(c => c.Id == encryptionKeyId).Single();
byte[] contentKey = configKey.GetClearKeyValue();
using (ConfigurationEncryption configEnc = new ConfigurationEncryption(keyId, contentKey, iv))
{
returnValue = configEnc.Decrypt(encryptedConfiguration);
}
return(returnValue);
}
/// <summary>
/// Uploads the destinationPath with given path asynchronously
/// </summary>
/// <param name="path">The path of a destinationPath to upload</param>
/// <param name="blobTransferClient">The <see cref="BlobTransferClient"/> which is used to upload files.</param>
/// <param name="locator">An asset <see cref="ILocator"/> which defines permissions associated with the Asset.</param>
/// <param name="token">A <see cref="CancellationToken"/> to use for canceling upload operation.</param>
/// <returns>A function delegate that returns the future result to be available through the Task.</returns>
public Task UploadAsync(string path, BlobTransferClient blobTransferClient, ILocator locator, CancellationToken token)
{
if (blobTransferClient == null)
{
throw new ArgumentNullException("blobTransferClient");
}
if (locator == null)
{
throw new ArgumentNullException("locator");
}
if (path == null)
{
throw new ArgumentNullException("path");
}
if (!File.Exists(path))
{
throw new FileNotFoundException(path);
}
ValidateFileName(path);
IContentKey contentKeyData = null;
FileEncryption fileEncryption = null;
AssetCreationOptions assetCreationOptions = this.Asset.Options;
if (assetCreationOptions.HasFlag(AssetCreationOptions.StorageEncrypted))
{
contentKeyData = this.Asset.ContentKeys.Where(c => c.ContentKeyType == ContentKeyType.StorageEncryption).FirstOrDefault();
if (contentKeyData == null)
{
throw new InvalidOperationException(String.Format(CultureInfo.InvariantCulture, StringTable.StorageEncryptionContentKeyIsMissing, this.Asset.Id));
}
fileEncryption = new FileEncryption(contentKeyData.GetClearKeyValue(), EncryptionUtils.GetKeyIdAsGuid(contentKeyData.Id));
}
EventHandler <BlobTransferProgressChangedEventArgs> handler = (s, e) => OnUploadProgressChanged(path, e);
blobTransferClient.TransferProgressChanged += handler;
MediaRetryPolicy retryPolicy = this.GetMediaContext().MediaServicesClassFactory.GetBlobStorageClientRetryPolicy();
return(blobTransferClient.UploadBlob(
new Uri(locator.Path),
path,
null,
fileEncryption,
token,
retryPolicy.AsAzureStorageClientRetryPolicy())
.ContinueWith(
ts =>
{
blobTransferClient.TransferProgressChanged -= handler;
this.PostUploadAction(ts, path, fileEncryption, assetCreationOptions, token);
}));
}
public override Task <IAssetFile> CreateAsync(string name, CancellationToken cancelation)
{
if (_parentAsset == null)
{
throw new InvalidOperationException(StringTable.AssetFileCreateParentAssetIsNull);
}
if (string.IsNullOrWhiteSpace(name))
{
throw new ArgumentException(String.Format(CultureInfo.InvariantCulture, StringTable.ErrorCreatingAssetFileEmptyFileName));
}
cancelation.ThrowIfCancellationRequested();
IMediaDataServiceContext dataContext = null;
AssetFileData assetFile = null;
return(Task.Factory.StartNew(() =>
{
cancelation.ThrowIfCancellationRequested();
dataContext = MediaContext.MediaServicesClassFactory.CreateDataServiceContext();
FileEncryption fileEncryption = null;
// Set a MIME type based on the extension of the file name
string mimeType = AssetFileData.GetMimeType(name);
assetFile = new AssetFileData
{
Name = name,
ParentAssetId = _parentAsset.Id,
MimeType = mimeType,
};
try
{
// Update the files associated with the asset with the encryption related metadata.
if (_parentAsset.Options.HasFlag(AssetCreationOptions.StorageEncrypted))
{
IContentKey storageEncryptionKey = _parentAsset.ContentKeys.Where(c => c.ContentKeyType == ContentKeyType.StorageEncryption).FirstOrDefault();
cancelation.ThrowIfCancellationRequested();
if (storageEncryptionKey == null)
{
throw new InvalidOperationException(String.Format(CultureInfo.InvariantCulture, StringTable.StorageEncryptionContentKeyIsMissing, _parentAsset.Id));
}
fileEncryption = new FileEncryption(storageEncryptionKey.GetClearKeyValue(), EncryptionUtils.GetKeyIdAsGuid(storageEncryptionKey.Id));
AssetBaseCollection.AddEncryptionMetadataToAssetFile(assetFile, fileEncryption);
}
else if (_parentAsset.Options.HasFlag(AssetCreationOptions.CommonEncryptionProtected))
{
AssetBaseCollection.SetAssetFileForCommonEncryption(assetFile);
}
else if (_parentAsset.Options.HasFlag(AssetCreationOptions.EnvelopeEncryptionProtected))
{
AssetBaseCollection.SetAssetFileForEnvelopeEncryption(assetFile);
}
}
finally
{
if (fileEncryption != null)
{
fileEncryption.Dispose();
}
}
dataContext.AddObject(FileSet, assetFile);
cancelation.ThrowIfCancellationRequested();
cancelation.ThrowIfCancellationRequested();
MediaRetryPolicy retryPolicy = this.MediaContext.MediaServicesClassFactory.GetSaveChangesRetryPolicy(dataContext as IRetryPolicyAdapter);
return retryPolicy.ExecuteAsync <IMediaDataServiceResponse>(() =>
{
cancelation.ThrowIfCancellationRequested();
return dataContext.SaveChangesAsync(assetFile);
}, cancelation).Result;
}, cancelation)
.ContinueWith <IAssetFile>(t =>
{
t.ThrowIfFaulted();
AssetFileData data = (AssetFileData)t.Result.AsyncState;
return data;
}, cancelation));
}
private void AssetEncryptAction(string outputPath, bool overwriteExistingEncryptedFiles, CancellationToken cancellationToken, ConcurrentDictionary <string, IContentKey> keys, IIngestManifestAsset asset)
{
cancellationToken.ThrowIfCancellationRequested();
List <Task> encryptTasks = new List <Task>();
AssetCreationOptions assetCreationOptions = asset.Asset.Options;
if (assetCreationOptions.HasFlag(AssetCreationOptions.StorageEncrypted))
{
IContentKey contentKeyData = keys[asset.Id];
var fileEncryption = new FileEncryption(contentKeyData.GetClearKeyValue(), EncryptionUtils.GetKeyIdAsGuid(contentKeyData.Id));
foreach (IngestManifestFileData file in asset.IngestManifestFiles)
{
ulong iv = Convert.ToUInt64(file.InitializationVector, CultureInfo.InvariantCulture);
fileEncryption.SetInitializationVectorForFile(file.Name, iv);
FileInfo fileInfo = null;
fileInfo = TrackedFilesPaths.ContainsKey(file.Id) ? new FileInfo(TrackedFilesPaths[file.Id]) : new FileInfo(file.Name);
string destinationPath = Path.Combine(outputPath, fileInfo.Name);
if (File.Exists(destinationPath))
{
if (overwriteExistingEncryptedFiles)
{
File.Delete(destinationPath);
}
else
{
throw new IOException(string.Format(CultureInfo.InvariantCulture, StringTable.BulkIngestFileExists, destinationPath));
}
}
long fileSize = fileInfo.Length;
int maxBlockSize = GetBlockSize(fileSize);
int numThreads = MaxNumberOfEncryptionThreadsForFilePerCore * Environment.ProcessorCount;
ConcurrentQueue <Tuple <int, int> > queue = PrepareUploadQueue(maxBlockSize, fileSize);
if (queue.Count < numThreads)
{
numThreads = queue.Count;
}
File.Create(destinationPath).Dispose();
Action action = GetEncryptionAction(cancellationToken, fileEncryption, file, destinationPath, fileInfo, queue, maxBlockSize);
for (int i = 0; i < numThreads; i++)
{
encryptTasks.Add(Task.Factory.StartNew((action), cancellationToken));
}
}
try
{
Task.WaitAll(encryptTasks.ToArray());
}
finally
{
fileEncryption.Dispose();
}
}
}
/// <summary>
/// Uploads the stream asynchronously
/// </summary>
/// <param name="stream">The stream to upload</param>
/// <param name="blobTransferClient">The <see cref="BlobTransferClient"/> which is used to upload files.</param>
/// <param name="locator">An locator <see cref="ILocator"/> which defines permissions associated with the Asset.</param>
/// <param name="token">A <see cref="CancellationToken"/> to use for canceling upload operation.</param>
/// <returns>A function delegate that returns the future result to be available through the Task.</returns>
public Task UploadAsync(Stream stream, BlobTransferClient blobTransferClient, ILocator locator, CancellationToken token)
{
if (this.IsFragmented())
{
throw new NotSupportedException(StringTable.NotSupportedFragblobUpload);
}
if (blobTransferClient == null)
{
throw new ArgumentNullException("blobTransferClient");
}
if (locator == null)
{
throw new ArgumentNullException("locator");
}
if (stream == null)
{
throw new ArgumentNullException("stream");
}
IContentKey contentKeyData = null;
FileEncryption fileEncryption = null;
AssetCreationOptions assetCreationOptions = this.Asset.Options;
if (assetCreationOptions.HasFlag(AssetCreationOptions.StorageEncrypted))
{
contentKeyData = this.Asset.ContentKeys.FirstOrDefault(c => c.ContentKeyType == ContentKeyType.StorageEncryption);
if (contentKeyData == null)
{
throw new InvalidOperationException(String.Format(CultureInfo.InvariantCulture, StringTable.StorageEncryptionContentKeyIsMissing, this.Asset.Id));
}
fileEncryption = new FileEncryption(contentKeyData.GetClearKeyValue(), EncryptionUtils.GetKeyIdAsGuid(contentKeyData.Id));
ulong iv = Convert.ToUInt64(this.InitializationVector, CultureInfo.InvariantCulture);
fileEncryption.SetInitializationVectorForFile(this.Name, iv);
}
EventHandler <BlobTransferProgressChangedEventArgs> handler = (s, e) => OnUploadProgressChanged(this.Name, e);
blobTransferClient.TransferProgressChanged += handler;
MediaRetryPolicy retryPolicy = this.GetMediaContext().MediaServicesClassFactory.GetBlobStorageClientRetryPolicy();
var streamLength = stream.Length;
return(blobTransferClient.UploadBlob(
new Uri(locator.BaseUri),
this.Name,
stream,
null,
fileEncryption,
token,
retryPolicy.AsAzureStorageClientRetryPolicy(),
() => locator.ContentAccessComponent)
.ContinueWith(
ts =>
{
blobTransferClient.TransferProgressChanged -= handler;
this.PostUploadAction(ts, streamLength, token);
}));
}
private static void SetEncryptionSettings(IIngestManifestAsset ingestManifestAsset, AssetCreationOptions options, IngestManifestFileData data)
{
if (options.HasFlag(AssetCreationOptions.StorageEncrypted))
{
var contentKeyData = ingestManifestAsset.Asset.ContentKeys.Where(c => c.ContentKeyType == ContentKeyType.StorageEncryption).FirstOrDefault();
if (contentKeyData == null)
{
throw new InvalidOperationException(String.Format(CultureInfo.InvariantCulture, StringTable.StorageEncryptionContentKeyIsMissing, ingestManifestAsset.Asset.Id));
}
using (var fileEncryption = new FileEncryption(contentKeyData.GetClearKeyValue(), EncryptionUtils.GetKeyIdAsGuid(contentKeyData.Id)))
{
if (!fileEncryption.IsInitializationVectorPresent(data.Name))
{
fileEncryption.CreateInitializationVectorForFile(data.Name);
}
ulong iv = fileEncryption.GetInitializationVectorForFile(data.Name);
data.IsEncrypted = true;
data.EncryptionKeyId = fileEncryption.GetKeyIdentifierAsString();
data.EncryptionScheme = FileEncryption.SchemeName;
data.EncryptionVersion = FileEncryption.SchemeVersion;
data.InitializationVector = iv.ToString(CultureInfo.InvariantCulture);
}
}
else if (options.HasFlag(AssetCreationOptions.CommonEncryptionProtected))
{
data.IsEncrypted = true;
data.EncryptionScheme = CommonEncryption.SchemeName;
data.EncryptionVersion = CommonEncryption.SchemeVersion;
}
else if (options.HasFlag(AssetCreationOptions.EnvelopeEncryptionProtected))
{
data.IsEncrypted = true;
data.EncryptionScheme = EnvelopeEncryption.SchemeName;
data.EncryptionVersion = EnvelopeEncryption.SchemeVersion;
}
}